Secunia Security Advisory - A weakness has been discovered in LFTP, which can be exploited by malicious people to bypass certain security features.
----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
LFTP Insecure "Content-Disposition" Suggested Filename Handling
Weakness
SECUNIA ADVISORY ID:
SA39861
VERIFY ADVISORY:
http://secunia.com/advisories/39861/
DESCRIPTION:
A weakness has been discovered in LFTP, which can be exploited by
malicious people to bypass certain security features.
The weakness is caused by LFTP using the filename suggested via the
"Content-Disposition" header when downloading files from an HTTP
server, instead of the filename the user expects from the URL. By
suggesting a different filename than the one expected by the user,
this can be exploited to e.g. overwrite files in the current directory
on a user's system by tricking the user into downloading a file with a
seemingly harmless filename from a malicious HTTP server.
Note: LFTP does not prompt the user for confirmation before
overwriting existing files by default.
The weakness is confirmed in version 4.0.5.
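The following is an added illustration of the issue described above and of how a hardened client should treat a server-suggested filename; it is example code written for this page, not LFTP's code nor the fix shipped in 4.0.6. The URL, the Content-Disposition values and the set of existing files are constructed samples. The policy it implements (ignore the suggestion by default, accept it only when opted in and only if it is a single plain path component, and never silently overwrite an existing file) is the editor's assumption of reasonable behaviour, not a description of LFTP's settings. RFC 5987 `filename*=` parameters are deliberately not parsed and therefore fall back to the URL name.

```python
import posixpath
import re
from typing import Optional, Set
from urllib.parse import unquote, urlsplit

# Constructed samples (not from the advisory): a URL whose path looks
# harmless, paired with Content-Disposition values a malicious server
# might send to steer the client into writing somewhere else.
SAMPLE_URL = "http://example.invalid/downloads/readme.txt"
SAMPLE_HEADERS = {
    "harmless":  'attachment; filename="readme.txt"',
    "dotfile":   'attachment; filename=".bashrc"',
    "traversal": 'attachment; filename="../.ssh/authorized_keys"',
    "absolute":  'attachment; filename="/etc/passwd"',
    "backslash": 'attachment; filename="..\\..\\boot.ini"',
    "token":     "inline; filename=report.pdf",
}

# filename="quoted string" (backslash-escaped quotes allowed) or a bare token.
_QUOTED = re.compile(r'filename\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
_TOKEN = re.compile(r'filename\s*=\s*([^;\s"]+)', re.IGNORECASE)


def parse_suggested_filename(header: Optional[str]) -> Optional[str]:
    """Return the raw filename parameter of a Content-Disposition value, or None.

    The quoted form is returned verbatim (escapes are not unfolded), so any
    backslash the server sent is still visible to the safety check below.
    """
    if not header:
        return None
    m = _QUOTED.search(header)
    if m:
        return m.group(1)
    m = _TOKEN.search(header)
    return m.group(1) if m else None


def is_safe_local_name(name: Optional[str]) -> bool:
    """Accept only a single, plain path component with no surprises.

    Rejects empty names, anything containing a path separator (either
    flavour) or NUL, '.' and '..', dotfiles, and control characters.
    """
    if not name:
        return False
    if "/" in name or "\\" in name or "\x00" in name:
        return False
    if name in (".", "..") or name.startswith("."):
        return False
    if any(ord(c) < 0x20 or c == "\x7f" for c in name):
        return False
    return True


def url_basename(url: str) -> str:
    """The filename the user expects: the last path component of the URL."""
    return posixpath.basename(unquote(urlsplit(url).path))


def choose_local_filename(url: str,
                          content_disposition: Optional[str],
                          existing: Set[str],
                          honour_suggestion: bool = False) -> str:
    """Decide which local filename to write to.

    Assumed policy (not LFTP's): the URL basename is the default; the
    server's suggestion is used only when the caller opted in AND the
    suggestion is a safe single component; an existing file is never
    clobbered silently (FileExistsError lets the caller prompt instead).
    """
    expected = url_basename(url)
    if not expected:
        raise ValueError("URL has no filename component; caller must supply one")
    name = expected
    if honour_suggestion:
        suggested = parse_suggested_filename(content_disposition)
        if is_safe_local_name(suggested):
            name = suggested
    if name in existing:
        raise FileExistsError(name)
    return name


if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        raw = parse_suggested_filename(header)
        chosen = choose_local_filename(SAMPLE_URL, header, set(), honour_suggestion=True)
        print(f"{label:10s} suggested={raw!r:32s} safe={is_safe_local_name(raw)!s:5s} -> {chosen}")
```

Run stand-alone, the script shows that every hostile suggestion collapses back to `readme.txt`, while the benign `report.pdf` is honoured only because the caller explicitly opted in; with the default `honour_suggestion=False` the header is ignored entirely, which is the behaviour a user who typed a URL ending in `readme.txt` would expect.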
SOLUTION:
Update to version 4.0.6.
PROVIDED AND/OR DISCOVERED BY:
oCERT credits Hank Leininger and Solar Designer.
ORIGINAL ADVISORY:
http://www.ocert.org/advisories/ocert-2010-001.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------